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        Conference Establishment Using Request-Contained Lists
                in the Session Initiation Protocol (SIP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document describes how to create a conference using SIP URI-list
   services.  In particular, it describes a mechanism that allows a User
   Agent Client to provide a conference server with the initial list of
   participants using an INVITE-contained URI list.
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1.  Introduction

   Section 5.4 of [RFC4579] describes how to create a conference using
   ad hoc SIP [RFC3261] methods.  The client sends an INVITE request to
   a conference factory URI and receives the actual conference URI,
   which contains the "isfocus" feature tag, in the Contact header field
   of a response -- typically a 200 (OK) response.

   Once the UAC (User Agent Client) obtains the conference URI, it can
   add participants to the newly created conference in several ways,
   which are described in [RFC4579].

   Some environments have tough requirements regarding conference
   establishment time.  They require the UAC to be able to request the
   creation of an ad hoc conference and to provide the conference server
   with the initial set of participants in a single operation.  This
   document describes how to meet this requirement using the mechanism
   to transport URI lists in SIP messages described in [RFC5363].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  User Agent Client Procedures

   A UAC that wants to include the set of initial participants in its
   initial INVITE request to create an ad hoc conference adds a body
   whose disposition type is 'recipient-list', as defined in [RFC5363],
   with a URI list that contains the participants that the UAC wants the
   conference server to invite.  Additionally, the UAC MUST include the
   'recipient-list-invite' option-tag (which is registered with the IANA
   in Section 8) in a Require header field.  The UAC sends this INVITE
   request to the conference factory URI.

   The INVITE transaction is also part of an offer/answer exchange that
   will establish a session between the UAC and the conference server,
   as specified in [RFC4579].  Therefore, the INVITE request may need to
   carry a multipart body: a session description and a URI list.

3.1.  Response Handling

   The status code in the response to the INVITE request does not
   provide any information about whether or not the conference server
   was able to bring the users in the URI list into the conference.
   That is, a 200 (OK) response means that the conference was created
   successfully, that the UAC that generated the INVITE request is in
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   the conference, and that the server understood the URI list.  If the
   UAC wishes to obtain information about the status of other users in
   the conference, it SHOULD use general conference mechanisms, such as
   the conference package, which is defined in [RFC4575].

3.2.  Re-INVITE Request Generation

   The previous sections have specified how to include a URI list in an
   initial INVITE request to a conference server.  Once the INVITE-
   initiated dialog between the UAC and the conference server has been
   established, the UAC can send subsequent INVITE requests (typically
   referred to as re-INVITE requests) to the conference server to, for
   example, modify the characteristics of the media exchanged with the
   server.

   At this point, there are no semantics associated with 'recipient-
   list' bodies in re-INVITE requests (although future extensions may
   define them).  Therefore, UACs SHOULD NOT include 'recipient-list'
   bodies in re-INVITE requests sent to a conference server.

      Note that a difference between an initial INVITE request and a
      re-INVITE request is that while the initial INVITE request is sent
      to the conference factory URI, the re-INVITE request is sent to
      the URI provided by the server in a Contact header field when the
      dialog was established.  Therefore, from the UAC's point of view,
      the resource identified by the former URI supports 'recipient-
      list' bodies, while the resource identified by the latter does not
      support them.

4.  URI-List Document Format

   As described in [RFC5363], specifications of individual URI-list
   services, like the conferencing service described here, need to
   specify a default format for 'recipient-list' bodies used within the
   particular service.

   The default format for 'recipient-list' bodies for conferencing UAs
   (User Agents) is the XML resource list format (which is specified in
   [RFC4826]) extended with the "Extensible Markup Language (XML) Format
   Extension for Representing Copy Control Attributes in Resource Lists"
   [RFC5364].  Consequently, conferencing UACs generating 'recipient-
   list' bodies MUST support both of these formats and MAY support other
   formats.  Conferencing servers able to handle 'recipient-list' bodies
   MUST support both of these formats and MAY support other formats.

   As described in "Extensible Markup Language (XML) Format Extension
   for Representing Copy Control Attributes in Resource Lists"
   [RFC5364], each URI can be tagged with a 'copyControl' attribute set
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   to either "to", "cc", or "bcc", indicating the role in which the
   recipient will get the INVITE request.  Additionally, URIs can be
   tagged with the 'anonymize' attribute to prevent the conference
   server from disclosing the target URI in a URI list.

   In addition, "Extensible Markup Language (XML) Format Extension for
   Representing Copy Control Attributes in Resource Lists" [RFC5364]
   defines a 'recipient-list-history' body that contains the list of
   recipients.  The default format for 'recipient-list-history' bodies
   for conferencing UAs is also the XML resource list document format
   specified in [RFC4826] extended with "Extensible Markup Language
   (XML) Format Extension for Representing Copy Control Attributes in
   Resource Lists" [RFC5364].  Consequently, conferencing UACs able to
   generate 'recipient-list-history' bodies MUST support these formats
   and MAY support others.  Conferencing UAs able to understand
   'recipient-list-history' MUST support these formats and MAY support
   others.  Conferencing servers able to handle 'recipient-list-history'
   bodies MUST support these formats and MAY support others.

   Nevertheless, the XML resource list document specified in [RFC4826]
   provides features, such as hierarchical lists and the ability to
   include entries by reference relative to the XML Configuration Access
   Protocol (XCAP) root URI, that are not needed by the conferencing
   service defined in this document, which only needs to transfer a flat
   list of URIs between a UA (User Agent) and the conference server.
   Therefore, when using the default resource list document,
   conferencing UAs SHOULD use flat lists (i.e., no hierarchical lists)
   and SHOULD NOT use <entry-ref> elements.  A conference factory
   application receiving a URI list with more information than what has
   just been described MAY discard all the extra information.

   Figure 1 shows an example of a flat list that follows the XML
   resource list document (specified in [RFC4826]) extended with
   "Extensible Markup Language (XML) Format Extension for Representing
   Copy Control Attributes in Resource Lists" [RFC5364].

   <?xml version="1.0" encoding="UTF-8"?>
   <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists"
             xmlns:cp="urn:ietf:params:xml:ns:copycontrol">
     <list>
       <entry uri="sip:bill@example.com" cp:copyControl="to"  />
       <entry uri="sip:joe@example.org" cp:copyControl="cc" />
       <entry uri="sip:ted@example.net" cp:copyControl="bcc" />
     </list>
   </resource-lists>

                            Figure 1: URI list
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5.  Conference Server Procedures

   Conference servers that are able to receive and process INVITE
   requests with a 'recipient-list' body SHOULD include a 'recipient-
   list-invite' option-tag in a Supported header field when responding
   to OPTIONS requests.

   On reception of an INVITE request containing a 'recipient-list' body
   as described in Section 3, a conference server MUST follow the rules
   described in [RFC4579] to create ad hoc conferences.  Once the ad hoc
   conference is created, the conference server SHOULD attempt to add
   the participants in the URI list to the conference as if their
   addition had been requested using any of the methods described in
   [RFC4579].

   The INVITE transaction is also part of an offer/answer exchange that
   will establish a session between the UAC and the conference server,
   as specified in [RFC4579].  Therefore, the INVITE request may carry a
   multipart body: a session description and a URI list.

   Once the conference server has created the ad hoc conference and has
   attempted to add the initial set of participants, the conference
   server behaves as a regular conference server and MUST follow the
   rules in [RFC4579].

   The incoming INVITE request will contain a URI-list body or reference
   (as specified in [RFC5363]) with the actual list of recipients.  If
   this URI list includes resources tagged with the 'copyControl'
   attribute set to a value of "to" or "cc", the conference server
   SHOULD include a URI list in each of the outgoing INVITE requests.
   This list SHOULD be formatted according to the XML format for
   representing resource lists (specified in [RFC4826]) and the
   copyControl extension specified in [RFC5364].

   The URI-list service MUST follow the procedures specified in
   [RFC5364] with respect to the handling of the 'anonymize', 'count',
   and 'copyControl' attributes.

   If the conference server includes a URI list in an outgoing INVITE
   request, it MUST include a Content-Disposition header field (which is
   specified in [RFC2183]) with the value set to 'recipient-list-
   history' and a 'handling' parameter (as specified in [RFC3204]) set
   to "optional".
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5.1.  Re-INVITE Request Handling

   At this point, there are no semantics associated with 'recipient-
   list' bodies in re-INVITE requests (although future extensions may
   define them).  Therefore, a conference server receiving a re-INVITE
   request with a 'recipient-list' body and, consequently, a
   'recipient-list-invite' option-tag, following standard SIP
   procedures, rejects it with a 420 (Bad Extension), which carries an
   Unsupported header field listing the 'recipient-list-invite' option-
   tag.

      This is because the resource identified by the conference URI does
      not actually support this extension.  On the other hand, the
      resource identified by the conference factory URI does support
      this extension and, consequently, would include the 'recipient-
      list-invite' option-tag in, for example, responses to OPTIONS
      requests.

6.  Example

   Figure 2 shows an example of operation.  A UAC sends an INVITE
   request (F1) that contains an SDP body and a URI list to the
   conference server.  The conference server answers with a 200 (OK)
   response and generates an INVITE request to each of the UASs (User
   Agent Servers) identified by the URIs included in the URI list.  The
   conference server includes SDP and a manipulated URI list in each of
   the outgoing INVITE requests.
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   +--------+        +---------+      +--------+ +--------+ +--------+
   |SIP UAC |        | confer. |      |SIP UAS | |SIP UAS | |SIP UAS |
   |        |        | server  |      |   1    | |   2    | |   n    |
   +--------+        +---------+      +--------+ +--------+ +--------+
       |                  |               |          |          |
       | F1 INVITE        |               |          |          |
       | ---------------->|               |          |          |
       | F2 200 OK        |               |          |          |
       |<---------------- |  F3 INVITE    |          |          |
       |                  | ------------->|          |          |
       |                  |  F4 INVITE    |          |          |
       |                  | ------------------------>|          |
       |                  |  F5 INVITE    |          |          |
       |                  | ----------------------------------->|
       |                  |  F6 200 OK    |          |          |
       |                  |<------------- |          |          |
       |                  |  F7 200 OK    |          |          |
       |                  |<------------------------ |          |
       |                  |  F8 200 OK    |          |          |
       |                  |<----------------------------------- |
       |                  |               |          |          |
       |                  |               |          |          |
       |                  |               |          |          |

                      Figure 2: Example of operation

   Figure 3 shows an example of the INVITE request F1, which carries a
   multipart/mixed body composed of two other bodies: an application/sdp
   body that describes the session and an application/resource-lists+xml
   body that contains the list of target URIs.

   INVITE sip:conf-fact@example.com SIP/2.0
   Via: SIP/2.0/TCP atlanta.example.com
       ;branch=z9hG4bKhjhs8ass83
   Max-Forwards: 70
   To: "Conf Factory" <sip:conf-fact@example.com>
   From: Alice <sip:alice@example.com>;tag=32331
   Call-ID: d432fa84b4c76e66710
   CSeq: 1 INVITE
   Contact: <sip:alice@atlanta.example.com>
   Allow: INVITE, ACK, CANCEL, BYE, REFER
   Allow-Events: dialog
   Accept: application/sdp, message/sipfrag
   Require: recipient-list-invite
   Content-Type: multipart/mixed;boundary="boundary1"
   Content-Length: 690
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   --boundary1
   Content-Type: application/sdp

   v=0
   o=alice 2890844526 2890842807 IN IP4 atlanta.example.com
   s=-
   c=IN IP4 192.0.2.1
   t=0 0
   m=audio 20000 RTP/AVP 0
   a=rtpmap:0 PCMU/8000
   m=video 20002 RTP/AVP 31
   a=rtpmap:31 H261/90000

   --boundary1
   Content-Type: application/resource-lists+xml
   Content-Disposition: recipient-list

   <?xml version="1.0" encoding="UTF-8"?>
   <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists"
             xmlns:cp="urn:ietf:params:xml:ns:copyControl">
     <list>
       <entry uri="sip:bill@example.com" cp:copyControl="to" />
       <entry uri="sip:randy@example.net" cp:copyControl="to"
                                          cp:anonymize="true"/>
       <entry uri="sip:eddy@example.com" cp:copyControl="to"
                                         cp:anonymize="true"/>
       <entry uri="sip:joe@example.org" cp:copyControl="cc" />
       <entry uri="sip:carol@example.net" cp:copyControl="cc"
                                          cp:anonymize="true"/>
       <entry uri="sip:ted@example.net" cp:copyControl="bcc" />
       <entry uri="sip:andy@example.com" cp:copyControl="bcc" />
     </list>
   </resource-lists>
   --boundary1--

        Figure 3: INVITE request received at the conference server

   The INVITE requests F3, F4, and F5 are similar in nature.  All those
   INVITE requests contain a multipart/mixed body that is composed of
   two other bodies: an application/sdp body describing the session and
   an application/resource-lists+xml containing the list of recipients.
   The application/resource-lists+xml bodies are not equal to the
   application/resource-lists+xml included in the received INVITE
   request F1, because the conference server has anonymized those URIs
   tagged with the 'anonymize' attribute and has removed those URIs
   tagged with a "bcc" 'copyControl' attribute.  Figure 4 shows an
   example of the message F3.
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   INVITE sip:bill@example.com SIP/2.0
   Via: SIP/2.0/TCP conference.example.com
       ;branch=z9hG4bKhjhs8as454
   Max-Forwards: 70
   To: <sip:bill@example.com>
   From: Conference Server <sip:conf34@example.com>;tag=234332
   Call-ID: 389sn189dasdf
   CSeq: 1 INVITE
   Contact: <sip:conf34@conference.example.com>;isfocus
   Allow: INVITE, ACK, CANCEL, BYE, REFER
   Allow-Events: dialog, conference
   Accept: application/sdp, message/sipfrag
   Content-Type: multipart/mixed;boundary="boundary1"
   Content-Length: 690

   --boundary1
   Content-Type: application/sdp

   v=0
   o=conf 2890844343 2890844343 IN IP4 conference.example.com
   s=-
   c=IN IP4 192.0.2.5
   t=0 0
   m=audio 40000 RTP/AVP 0
   a=rtpmap:0 PCMU/8000
   m=video 40002 RTP/AVP 31
   a=rtpmap:31 H261/90000

   --boundary1
   Content-Type: application/resource-lists+xml
   Content-Disposition: recipient-list-history; handling=optional

   <?xml version="1.0" encoding="UTF-8"?>
   <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists"
             xmlns:cp="urn:ietf:params:xml:ns:copycontrol">
     <list>
       <entry uri="sip:bill@example.com" cp:copyControl="to" />
       <entry uri="sip:anonymous@anonymous.invalid" cp:copyControl="to"
                                                    cp:count="2"/>
       <entry uri="sip:joe@example.org" cp:copyControl="cc" />
       <entry uri="sip:anonymous@anonymous.invalid" cp:copyControl="cc"
                                                    cp:count="1"/>
     </list>
   </resource-lists>
   --boundary1--

          Figure 4: INVITE request sent by the conference server
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7.  Security Considerations

   This document discusses setup of SIP conferences using a request-
   contained URI list.  Both conferencing and URI-list services have
   specific security requirements, which are summarized here.
   Conferences generally have authorization rules about who can or
   cannot join a conference, what type of media can or cannot be used,
   etc.  This information is used by the focus to admit or deny
   participation in a conference.  It is RECOMMENDED that these types of
   authorization rules be used to provide security for a SIP conference.

   For this authorization information to be used, the focus needs to be
   able to authenticate potential participants.  Normal SIP mechanisms,
   including Digest authentication and certificates, can be used.  These
   conference-specific security requirements are discussed further in
   the requirements and framework documents -- [RFC4245] and [RFC4353].

   For conference creation using a list, there are some additional
   security considerations.  "Framework and Security Considerations for
   Session Initiation Protocol (SIP) URI-List Services" [RFC5363]
   discusses issues related to SIP URI-list services.  Given that a
   conference server sending INVITE requests to a set of users acts as a
   URI-list service, implementations of conference servers that handle
   lists MUST follow the security-related rules in [RFC5363].  These
   rules include opt-in lists and mandatory authentication and
   authorization of clients.

8.  IANA Considerations

   This document defines the 'recipient-list-invite' SIP option-tag.  It
   has been registered in the Option Tags subregistry under the SIP
   parameter registry.  The following is the description used in the
   registration:

   +------------------------+------------------------------+-----------+
   | Name                   | Description                  | Reference |
   +------------------------+------------------------------+-----------+
   | recipient-list-invite  | The body contains a list of  | [RFC5366] |
   |                        | URIs that indicates the      |           |
   |                        | recipients of the SIP INVITE |           |
   |                        | request                      |           |
   +------------------------+------------------------------+-----------+

     Table 1: Registration of the 'recipient-list-invite' option-tag
                                  in SIP
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